» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)

uninstall.exe

Gogo Network Club

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application uninstall.exe by Gogo Network Club has been detected as adware by 7 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program iWebar by iWebar. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

uninstall.exe

Publisher:

Gogo Network Club (signed and verified)

MD5:

0f1634c7175d82ac6eae8d46a5b344d6

SHA-1:

7e35efe7369d5461579b99773fc2bec0b8230cd4

SHA-256:

422bece70b1f1030275250aa147b612ac016f6b16e8989df9da5cb0487b8093b

Scanner detections:

7 / 68

Status:

Adware

Explanation:

May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:

5/10/2024 5:17:57 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/CrossRider.Gen7

7.11.182.116

AVG

Generic

2015.0.3305

Baidu Antivirus

PUA.Win32.CrossRider

4.0.3.141030

ESET NOD32

Win32/Toolbar.CrossRider.AW (variant)

8.10646

Kaspersky

not-a-virus:WebToolbar.Win32.CrossRider

14.0.0.3021

Qihoo 360 Security

Win32/Virus.Adware.a87

1.0.0.1015

Reason Heuristics

Adware.iWebar.GogoNetworkClub.J

14.10.30.18

File size:

86.4 KB (88,480 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\iwebar\uninstall.exe

Digital Signature

Signed by:

Gogo Network Club

Authority:

COMODO CA Limited

Valid from:

8/19/2014 3:00:00 AM

Valid to:

8/20/2015 2:59:59 AM

Subject:

CN=Gogo Network Club, O=Gogo Network Club, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

75BF783471861CAD78DE03A20768BF56

File PE Metadata

Compilation timestamp:

10/30/2014 10:34:53 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

1536:3Krtdki4VNgQfPLLs7oxaMc13UsWjcdiaNhVJ:arduNgQfP3s7LT3biaNhj

Entry address:

0x4F8D

Entry point:

E8, 1E, 59, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 78, 3E, 41, 00, E8, 2D, 0A, 00, 00, E8, 8C, 24, 00, 00, 0F, B7, F0, 6A, 02, E8, B1, 58, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 92, 52, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

52.5 KB (53,760 bytes)

Program Uninstaller

Program name:

iWebar

Display publisher:

iWebar

Display version:

1.35.9.29

Uninstall string:

C:\Program Files (x86)\iWebar\Uninstall.exe /fcp=1

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.